Update Workflows/Windows/Windows Server/Roles/Active Directory Certificate Services.md

2025-07-15 22:20:29 -06:00
parent b5ff4d7c5e
commit c994177e63


@ -72,6 +72,7 @@ You will see a finalization screen confirming everything we have configured, it
### Online (Domain-Joined) Subordinate/Intermediary CA `LAB-CA-02` Role Deployment
Now that we have set up the root certificate authority, we can focus on setting up the subordinate CA.
- Navigate to "**Server Manager > (Alert Flag) > Post-deployment Configuration: Active Directory Certificate Services**"
- Under credentials, let it automatically populate a domain admin. (e.g. `BUNNY-LAB\nicole.rappe`)
- Click "**Next**"
@ -122,7 +123,7 @@ At this point, we will need to focus on getting the certificate signing request
- Once the certificate signing request file `C:\LAB-CA-02.bunny-lab.io_bunny-lab-LAB-CA-02-CA.req` is on `LAB-CA-01` (RootCA) we can proceed to get it signed.
- Navigate to "**Server Manager > Tools > Certification Authority**"
- Right-click the CA node in the treeview on the left-hand sidebar (e.g. `BunnyLab-RootCA`)
- Click on "**All Tasks" then "Submit new request...**"
- Click on "**All Tasks" > "Submit new request...**"
- Browse to and select the subordinate CAs .req file (e.g. `LAB-CA-02.bunny-lab.io_bunny-lab-LAB-CA-02-CA.req`)
- Click on "**BunnyLab-RootCA > Pending Requests**
- Right-click the request we just imported, and select "**All Tasks > Issue**"
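Review bot: the edited line now follows the `>` separator convention used elsewhere in the file, but two context lines in the same request-submission sequence still need attention: `Click on "**BunnyLab-RootCA > Pending Requests**` is missing its closing quotation mark, and "select the subordinate CAs .req file" should read "subordinate CA's .req file". Worth fixing in the same pass since the hunk is already touching this list.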
@ -136,13 +137,13 @@ At this point, we will need to focus on getting the certificate signing request
- Right-click the `BunnyLab-RootCA` node > Properties > View Certificate > Details > Copy to File...
- Save as `RootCA.cer`
- Copy both `LAB-CA-02-SubCA.cer` (the signed subordinate CA cert) and `RootCA.cer` (the root CA cert) to the subordinate CA (`LAB-CA-02`), using a secure method (e.g. USB drive).
- On `LAB-CA-02` (Subordinate CA), Navigate to "**Server Manager > Tools > Certification Authority**"
- Right-click the CA node in the treeview on the left-hand sidebar (e.g. `BunnyLab-SubordinateCA-01`)
- Click on "**All Tasks" > "Install CA Certificate**"
- Browse to and select `LAB-CA-02-SubCA.cer` (*you may need to change the cert file extension filter to `X.509 Certificate`*)
- When prompted for the CA chain or root certificate, browse for and select the `RootCA.cer` you transferred earlier along with the `LAB-CA-02-SubCA.cer`
-
!!! info "On the Subordinate CA (LAB-CA-02): Complete CA Installation"
1. Open Certification Authority (certsrv.msc).
2. If prompted, select Install CA Certificate...
- Browse to and select LAB-CA-02-SubCA.cer.
3. If not prompted, right-click the CA node (with warning icon) > All Tasks > Install CA Certificate...
4. When prompted for the CA chain or root certificate, browse to and select RootCA.cer.
5. Ensure the Root CA certificate is also imported into the Trusted Root Certification Authorities store for both the local machine and the CA service.
- Open certlm.msc, right-click Trusted Root Certification Authorities > Certificates, and select Import...
6. Start the Certification Authority service:
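Review bot: the info admonition "On the Subordinate CA (LAB-CA-02): Complete CA Installation" repeats the bulleted steps immediately above it (open Certification Authority, All Tasks > Install CA Certificate, browse to `LAB-CA-02-SubCA.cer`, select `RootCA.cer` when asked for the chain), so the reader gets the same procedure twice in two formats; suggest keeping one version. The one step unique to the admonition, importing the root certificate into Trusted Root Certification Authorities via certlm.msc (step 5), should survive whichever version is kept, since that is what makes the root trusted on the subordinate host. Also, the "- Browse to..." and "- Open certlm.msc..." sub-items sit at the same indentation as the numbered steps, so they will render as a separate list rather than as nested bullets; indent them under their parent step.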
@ -161,9 +162,6 @@ At this point, we will need to focus on getting the certificate signing request
I will go over setting up additional roles **AFTER** documenting the process of getting the certificate signing request from `LAB-CA-02` to `LAB-CA-01`
!!! abstract "Raw Unprocessed/Unrefined Steps - Do Not Use"
3. Online Subordinate CA Setup
Steps:
2. Generate CSR, sign with Root CA, import signed cert.
3. Configure AIA/CDP extensions for CRL publication.
4. Enable role separation and auditing.
4. Certificate Templates and Autoenrollment
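Review bot: after the three removed lines, the numbering in the "Raw Unprocessed/Unrefined Steps - Do Not Use" block is out of sequence ("3. Online Subordinate CA Setup", then "Steps:", then "2.", "3.", "4.", and another "4. Certificate Templates and Autoenrollment"), which makes it hard to tell which lines are section headings and which are steps. Since the refined steps above now cover generating the CSR and signing it with the root CA, suggest either renumbering the remaining raw items or dropping the ones that are already documented, leaving AIA/CDP extensions, role separation and auditing, and certificate templates/autoenrollment as the outstanding to-do list. The "I will go over setting up additional roles **AFTER** documenting the process..." sentence could then be updated to reflect that the CSR process is documented.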